Looking for on-site training? Adversary Tactics - Red Team Operations is available from the fine folks at Specter Ops, Inc.. Email for more information.

Advanced Threat Tactics (Notes and References) is a free course on red team operations and adversary simulations. This course will provide the background and skills necessary to emulate an advanced threat actor with Cobalt Strike.

1. Operations

This course starts with an overview of the Cobalt Strike project, team server setup, and a deep dive into Cobalt Strike's model for long-term distributed operations. Logging and Reporting are covered as well.

2. Infrastructure

This lecture covers listener manager and how to configure the various Beacon flavors. Ample time is devoted to cloud-based redirectors, DNS Beacon setup, and infrastructure troubleshooting. This lecture concludes with a discussion on payload security.

3. Targeted Attacks

Learn how to get a foothold in a modern enterprise with a targeted spear phishing attack. This lecture covers client-side reconnaissance, user-driven attacks, delivering Beacon with exploits, and spear phishing.

4. Post Exploitation

Let's go over what happens once you get into a network. Learn how to manage Beacons, pass sessions, exfiltrate data, log keystrokes, grab screenshots from many systems at once, and scan for targets. This lecture also covers browser pivoting, Cobalt Strike's innovative man-in-the-browser session stealing attack.

5. Privilege Escalation

Privilege Escalation is elevating from standard user rights to full control of a system. This lecture goes over user account control, the privilege escalation options in Beacon, finding escalation opportunities with PowerUp, credential and hash harvesting, and advanced Mimikatz features.

6. Lateral Movement

Lateral Movement is abusing trust relationships to attack systems in an enterprise network. This video covers host and user enumeration, remote control of systems without using malware, and remote code execution with the Beacon payload. You'll also learn to steal tokens, use credentials, pass-the-hash, and generate Kerberos Golden Tickets.

7. Pivoting

This video shows how to tunnel traffic through Beacon. You'll learn how to send the Metasploit® Framework and other tools through a SOCKS proxy pivot. You'll also learn how to turn a compromised system into a redirector for callbacks and hosting malicious content. And, you'll see how to tunnel Beacon over SSH.

8. Malleable Command and Control

Malleable Command and Control is Cobalt Strike's domain-specific language to redefine payload indicators. This is a key technology for adversary simulations. This lecture covers Malleable C2 setup and use, the profile language, and how to test profiles.

9. Evasion

This course concludes with a deep dive into evasion. This lecture covers e-mail anti-spoofing measures, anti-virus evasion, application whitelisting, egress, and tips to challenge sophisticated hunt teams.